The year of 2018 has been one of the worst to date in terms of both number of security breaches and the number of records that have been exposed.
The importance of embedded security grows in connected microcontrollers
The year of 2018 has been one of the worst to date in terms of both number of security breaches and the number of records that have been exposed. With the number of connected devices and online users continuing to rise, the need for embedded security is becoming critical, and as described below, sometimes required. As seen by the Mirai botnet attacks taking advantage of unsecure IoT devices and the more recent news of a casino having high-profile information stolen due to a fish tank with a smart thermometer, security is needed at every level.
New legislation now requires data and connectivity protections such as the General Data Protection Regulation in the EU implemented in May of 2018, and the newly signed California Senate Bill requiring security features be in all “smart” devices by 2020. While new legislation is a crucial step to creating more secure devices, the task of raising the importance of security in their products will fall to the manufacturers. Due to recent highly publicized data breaches in popular social media companies, cybersecurity is a growing concern amongst consumers, but unfortunately most consumers do not know what to look for in a secure device or the risk of not having one. A majority of tech sector employees believe that consumers would be willing to trade performance for greater security assurances, but until recently, pricing pressure has prevented OEMs from being the first to choose more secure processor solutions due to the highly cost-competitive consumer market. Megatrends such as autonomous driving and industrial IoT will also require greater device security, as the potential result of a vehicle or piece of factory equipment failing to act or performing unintended acts could be catastrophic.
Features of a secure device:
- Secure Boot: Uses a combination of crypto code from the manufacturer along with secure hardware elements to verify the software being loaded is authentic
- Secure Code Updates: Uses signed code to update the system and verify it is authentic to provide bug fixes and security patches
- Data Security: Prevents unauthorized access to a device as well as encrypts data storage and communications
- Authentication: All communication with a device should be authenticated using strong passwords and security certificates
- Secure communication: Uses Secure Shell (SSH) and Secure Sockets Layer (SSL) protocols to ensure communication is encrypted and secure
- Protection Against Cyber Attacks: Uses embedded firewalls to monitor traffic
- Intrusion Detection and Security Monitoring: Detects and reports invalid logins and suspected malicious activities
- Embedded Security Management: Integrates with a security management system that can be updated
- Device Tampering Protection: Provides the ability to detect if a seal has been broken and the device hardware may have been tampered with
Between 2016 and 2017, total revenue from embedded secure elements rose nearly $250 million, now reaching roughly 5% of the total microcontroller revenue. As seen in the above graph, secure data processing microcontroller revenue increased the most year over year at $167 million, followed by automotive at $37 million year over year. The consumer electronics market produces the least amount of revenue from embedded secure elements at just $14 million, and as predicted, due to the highly cost-competitive market, it saw no increase year over year. The total embedded secure element revenue and percentage of the microcontroller market is expected to increase in 2018 with the introduction of new security focused products and expanded product lines such as the Infineon SLE, Maxim DeepCover, Microchip SAM L11, NXP Kinetis K8x, Renesas RS-4 and AE-5, and STMicroelectronics ST31 and ST32, as well as greater adoption of existing secure elements such as Arm TrustZone, Microsoft Azure Sphere, Dover CoreGuard and eSIM technology. To learn more about microcontrollers, MCU design and how they provide security to a device, please view our 2018 2H Microcontroller Market Tracker.